Home > Vulnerability Database > CVE-2015-1832

Mend.io Vulnerability Database

CVE-2015-1832

Good to know:

Date: October 3, 2016

XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving XmlVTI and the XML datatype.

Language: Java

Severity Score

9.1

Related Resources (20)

Url: https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E

Url: https://svn.apache.org/viewvc?view=revision&revision=1691461

Url: https://www.oracle.com/security-alerts/cpuapr2020.html

Url: https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E

Url: https://nvd.nist.gov/vuln/detail/CVE-2015-1832

Url: https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E

Url: https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

Url: https://www.oracle.com/security-alerts/cpuoct2020.html

Url: https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E

Url: https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E

Url: https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Url: https://issues.apache.org/jira/browse/DERBY-6807

Url: https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E

Url: https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E

Url: http://www.securityfocus.com/bid/93132

Url: https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E

Url: https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E

Url: https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Url: http://www-01.ibm.com/support/docview.wss?uid=swg21990100

Url: https://www.mend.io/vulnerability-database/CVE-2015-1832

Severity Score

9.1

Weakness Type (CWE)

Improper Restriction of XML External Entity Reference

CWE-611

Resource Management Errors

CWE-399

Top Fix

Upgrade Version

Upgrade to version searchgui - 4.0.41;searchgui - 4.0.12;vufind/vufind - dev-release-5.0;vufind/vufind - dev-legacy/mink-autoretry;vufind/vufind - dev-legacy/lbs4-daia;vufind/vufind - v3.1;vufind/vufind - dev-pullrequest_accessib_turn-my-account-menu-into-ul;mpa-portable - no_fix;bioconductor-bridgedbr - 2.10.0;siu-toba/jasper - no_fix;metanovo - no_fix;peptide-shaker - 1.16.26;peptide-shaker - 2.2.6;mallet - no_fix;pepquery - 2.0.2;dia_umpire - no_fix;org.apache.activemq:activemq-web-demo:5.11.1;org.apache.activemq:activemq-web-demo:5.11.1;org.apache.activemq:activemq-web-demo:5.11.1;org.apache.activemq:activemq-web-demo:5.11.1;org.apache.activemq:activemq-web-demo:5.11.1;org.apache.activemq:activemq-web-demo:5.9.1;org.apache.activemq:activemq-web-demo:5.11.1;org.apache.activemq:activemq-web-demo:5.11.1;org.apache.activemq:activemq-web-demo:5.11.1;org.apache.activemq:activemq-web-demo:5.11.1;org.apache.activemq:activemq-web-demo:5.11.1;org.apache.activemq:activemq-web-demo:5.11.1;org.apache.activemq:activemq-web-demo:5.10.1;org.apache.activemq:activemq-web-demo:5.11.1;org.apache.activemq:activemq-web-demo:5.11.1;org.apache.activemq:activemq-web-demo:5.11.1;org.apache.activemq:activemq-web-demo:5.11.1;org.apache.activemq:activemq-web-demo:5.11.1;org.apache.activemq:activemq-web-demo:5.9.1;org.apache.activemq:activemq-web-demo:5.11.1;org.apache.activemq:activemq-web-demo:5.11.1;org.apache.camel:camel-example-restlet-jdbc:2.15.2;org.apache.camel:camel-example-restlet-jdbc:2.12.1;org.apache.camel:camel-example-restlet-jdbc:2.17.1;org.apache.camel:camel-example-restlet-jdbc:2.15.1;org.apache.camel:camel-example-restlet-jdbc:2.18.2;org.apache.camel:camel-example-restlet-jdbc:2.17.1;org.apache.camel:camel-example-restlet-jdbc:2.15.2;org.apache.camel:camel-example-restlet-jdbc:2.15.2;org.apache.camel:camel-example-restlet-jdbc:2.17.1;org.apache.camel:camel-example-restlet-jdbc:2.15.2;org.apache.camel:camel-example-restlet-jdbc:2.17.1;org.apache.camel:camel-example-restlet-jdbc:2.17.1;org.apache.camel:camel-example-restlet-jdbc:2.15.2;org.apache.camel:camel-example-restlet-jdbc:2.17.1;org.apache.camel:camel-example-restlet-jdbc:2.17.1;org.apache.camel:camel-example-restlet-jdbc:2.12.1;org.apache.camel:camel-example-restlet-jdbc:2.17.1;org.apache.camel:camel-example-restlet-jdbc:2.14.1;org.apache.camel:camel-example-restlet-jdbc:2.17.1;org.apache.camel:camel-example-restlet-jdbc:2.15.2;org.apache.camel:camel-example-restlet-jdbc:2.17.1;org.apache.camel:camel-example-restlet-jdbc:2.15.2;org.apache.camel:camel-example-restlet-jdbc:2.17.1;org.apache.camel:camel-example-restlet-jdbc:2.17.1;org.apache.derby:derby:10.12.1.1;org.apache.derby:derby:10.12.1.1;org.wisdom-framework:derby:no_fix

Learn More

CVSS v3.1

Base Score:	9.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	6.4
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2015-1832

Good to know:

Date: October 3, 2016

Language: Java

Severity Score

Related Resources (20)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?